babylonrat | db34097591cecd997e42d7735a128516f9cf94e70f970d7c091ddfa1946b8edc | Triage

Sharing

General

Target

baby.exe
Size

733KB
Sample

240825-hl31qs1amg
MD5

b9b119f4d43068bb9ef2af278a98ca61
SHA1

8e9a9f8d8624da0d9881ac6b61e8d7df056c898f
SHA256

db34097591cecd997e42d7735a128516f9cf94e70f970d7c091ddfa1946b8edc
SHA512

7f804e731b26c7671de2bdde0241f5bc2c2b33bbe4d4822bce2dadc06793d926318fdc12ba04e17effb3a6d510799729a504fe8d47feff83800bb4ad2dc24344
SSDEEP

12288:8qzcpVgUXzL0TTUKZHTNloEkOpnKgofuIwV6eAj0wZxxXMcEe/3paPcg9X:8qzcpKIL0TvZzNlNky0wVW0wZxxVg9X

Score

10^/10

babylonrat discovery persistence trojan

Malware Config

Targets

- Target
  
  baby.exe
- Size
  
  733KB
- MD5
  
  b9b119f4d43068bb9ef2af278a98ca61
- SHA1
  
  8e9a9f8d8624da0d9881ac6b61e8d7df056c898f
- SHA256
  
  db34097591cecd997e42d7735a128516f9cf94e70f970d7c091ddfa1946b8edc
- SHA512
  
  7f804e731b26c7671de2bdde0241f5bc2c2b33bbe4d4822bce2dadc06793d926318fdc12ba04e17effb3a6d510799729a504fe8d47feff83800bb4ad2dc24344
- SSDEEP
  
  12288:8qzcpVgUXzL0TTUKZHTNloEkOpnKgofuIwV6eAj0wZxxXMcEe/3paPcg9X:8qzcpKIL0TvZzNlNky0wVW0wZxxVg9X
Score

10^/10

babylonrat discovery persistence trojan
- Babylon RAT
  Babylon RAT is remote access trojan written in C++.
  trojan babylonrat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

babylonratdiscoverypersistencetrojan